<html>
<head>
<title>XmlHttpRequest setRequestHeader allowed header test</title>
<script type="text/javascript" src="/shared/scripts/header.js"></script>
<script type="text/javascript" src="/shared/scripts/testcase.js"></script>
<script type="text/javascript">
if (window.addEventListener) {
	window.addEventListener('load', f, false);
} else if (window.attachEvent) {
	window.attachEvent('onload', f);
} else {
	window.onload = f;
}

function f() {
	// change these if you want the test to fail on specific headers.
	var banned_headers = ["host","origin","accept-charset",
	"accept-encoding","accept-language","cookie","referer",
	"transfer-encoding","user-agent","via"];
	var header = new Headers();
	var reqs = 0;
	var disallowed = 0;
	var allowed_banned = 0;
	var allowed = 0;
	var exceptions = 0;
	var tc = new TestCase();	
	tc.input = "Total Header / Value Pair: " + (header.total/2) + '\r\n' + header.listHeaders();
	tc.description = 'XmlHttpRequest setRequestHeader allowed header test';
	tc.test_passed = 'true'; // always passed, only set to false if a disallowed header is found.
	
	do {
		var xhr = get_xhr();
		try {
			xhr.open('GET', '/testcases/headertests/showRequest', false);
		} catch(e) {
			tc.output += 'An error occurred opening url for: ' + header.name + ": " + header.value + ':'+tc.outputException(e);
			tc.result = 'TEST FAILED';
			tc.saveTest(null);
			return;
		}
		try {
			xhr.setRequestHeader(header.name, header.value);
			xhr.send();
			if (xhr.readyState == 4) {
				reqs += 1;
				var ret = header.checkBanned(xhr.responseText, tc);
				if (ret == 0) {
					disallowed += 1;
				} else if (ret == 1) {
					allowed += 1;
				} else if (ret == 2){ 
					allowed_banned += 1;
				}
			}
		} catch(e) {
			tc.output += header.name + ': ' + header.value + ' CAUSED EXCEPTION' + ':'+tc.outputException(e);
			exceptions += 1
		}
	} while(header.next() != -1);
	tc.result += 'total banned allowed: ' + allowed_banned + '\r\n';
	tc.result += 'total requests sent: ' + reqs + '\r\n';
	tc.result += 'total exceptions: ' + exceptions + '\r\n';
	tc.result += 'total allowed: ' + allowed + '\r\n';
	tc.result += 'total disallowed: ' + disallowed + '\r\n';
	tc.result += 'total headers: ' + (header.total/2) + '\r\n';
	tc.expected_result += 'total banned allowed: 0';
	tc.saveTest(null);
}
</script>
</head>
<body></body>
</html>
